Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government
RansomHub
Sep 6, 2024 11:35:47 AM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight
Recent Ransomware Attacks on the Healthcare Vertical
Aug 19, 2024 12:54:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Healthcare, Disbuk, Rhysida, INC
Related Families: Rhysida, INC
Verticals Targeted: Healthcare
Executive Summary
Since late July, at least two ransomware groups have allegedly targeted healthcare vertical entities. The attacks were attributed to INC and Rhysida ransomware groups.
BlackSuit Confirmed as Royal Ransomware Rebrand
Aug 12, 2024 2:08:09 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Royal, BlackSuit
Verticals Targeted: Critical Infrastructure, Healthcare, Government, Manufacturing
Executive Summary
BlackSuit is a ransomware family that targets both Windows and Linux systems. A recent joint advisory published by CISA and the FBI confirmed BlackSuit is a rebrand of Royal. The advisory also highlighted new BlackSuit ransomware activity.
Play Ransomware Linux Variant Discovered
Jul 26, 2024 3:02:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Play, ESXi
Executive Summary
A Linux variant of Play ransomware has been observed that is capable of targeting ESXi environments.
GhostLocker Ransomware
Jul 5, 2024 2:05:23 PM / by The Hivemind posted in Threat Bulletin, Ransomware, GhostLocker, GhostSec, Stormous
Verticals Targeted: Technology, Education, Manufacturing, Transportation, Government
Executive Summary
GhostLocker, a ransomware family that has been in the wild since late 2023, is now under new management. Stormous, the new GhostLocker operators, have stated they are updating the program and will offer some ransomware services for free.
RansomHub
Jun 14, 2024 2:22:45 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight
Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government
Executive Summary
RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.
TargetCompany Ransomware Linux Variant
Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi
Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications
Executive Summary
A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.
Black Basta Targeting Critical Infrastructure
May 17, 2024 2:19:41 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Black Basta, Healthcare, Emerging Threat
Related Families: Qakbot
Verticals Targeted: Critical Infrastructure, Healthcare